Comprehensive Guide to AML/KYC Regulations in UAE for 2024: Latest Laws and Legislations
UAE Cracks Down on Money Laundering and Terrorist Financing
In a bid to strengthen its anti-money laundering (AML) and combating the financing of terrorism (CFT) measures, the Central Bank of the UAE (CBUAE) has established a special department, the Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD). This move comes as part of the UAE's commitment to aligning with international AML/CFT standards.
The current regulatory framework for Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE is primarily governed by Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism (AML Law), along with relevant Cabinet decisions and the oversight framework established by the Ministry of Economy and Tourism. Sectors such as real estate brokerage firms, precious metals and gemstones traders, corporate service providers, and auditors fall under this category.
The AML Law serves as the foundation for AML/CFT measures, supported by amendments like Federal Decree-Law No. 26 of 2021 and Federal Law by Decree No. 7 of 2024, which enhance the AML/CFT framework. Cabinet Decision No. 109 of 2023 introduced enhanced Ultimate Beneficial Owner (UBO) identification and streamlined compliance requirements for registered legal persons, including those in DNFBP sectors.
The UAE Ministry of Economy and Tourism is the primary supervisory authority responsible for monitoring AML compliance in DNFBPs. It conducts inspection campaigns and imposes administrative penalties for violations, applying a robust regulatory system with mechanisms for both desk and field inspections.
In the first half of 2025, the Ministry detected over 1,000 AML violations among DNFBP entities, issuing fines exceeding AED 42 million. The vast majority of violations occurred in precious metals and gemstones trading, real estate brokerage, and to a lesser extent corporate service providers and auditors.
DNFBPs must update their internal risk models, AML/CFT policies, customer due diligence (CDD) and onboarding procedures to meet evolving legal requirements, including compliance with UBO disclosure and transparency obligations. This aligns with the UAE’s 2024 National Risk Assessment calls for enhanced AML/CFT controls across these sectors.
Although primarily overseeing financial institutions, the Central Bank’s AML/CFT Department sets broader sectoral compliance expectations and supports the national AML framework, which DNFBPs must integrate with to ensure systemic coherence.
Financial institutions, DNFBPs, and Non-profit organizations are required to comply with the AML-CFT Law in the UAE. Financial institutions must comply if they conduct one or several of financial activities or operations on the customer's behalf, including receiving deposits, providing credit facilities, currency exchange, and managing funds.
Businesses need to follow Know Your Customer (KYC) requirements when working with their customers, requiring the collection of various types of documents from individual customers and companies. FIs and DNFBPs are required to undertake enhanced Customer Due Diligence (CDD) measures for high-risk customers, including Politically Exposed Persons (PEPs), customers associated with high-risk countries, and correspondent banking institutions.
The AMLD is responsible for examining Licensed Financial Institutions (FIs), ensuring adherence to the UAE's AML/CFT legal and regulatory framework, and identifying threats, vulnerabilities, and emerging risks to the UAE's financial sector.
In 2021, the Central Bank of the UAE announced that it imposed financial sanctions on 11 UAE banks for failing to comply with AML/CFT regulations. The Financial Action Task Force (FATF) stated in February 2024 that the UAE is no longer subject to increased monitoring.
Businesses should monitor customer transactions, ensure that they provide authentic data, and report suspicious cases to stay compliant with AML/CFT regulations in the UAE. goAML, a special application created by the United Nations Office on Drugs and Crime (UNODC), aims to combat money laundering, terrorism financing, and other types of financial crimes. All FIs, DNFBP, and Virtual Asset Service Providers (VASPs) are required to register on the goAML portal as part of their compliance procedures.
If FIs fail to report suspicious activities, their managers or employees may be subjected to imprisonment and fines. A person acts unlawfully if they knowingly commit one of the following crimes: transferring or transporting proceeds of crime with intent to conceal or disguise its illicit origin, concealing or disguising the true nature, origin, location, way of disposition, movement or rights related to any proceeds or the ownership thereof, acquiring, possessing or using such proceeds, or assisting the perpetrator of the predicate offense to escape punishment.
Designated Non-Financial Businesses and Professions include brokers and real estate agents, dealers in precious metals and stones, lawyers, notaries, independent accountants, providers of corporate services and trusts, and other professions and activities determined by the Minister. FIs are obliged to report suspicious activities related to ML/FT operations to the Financial Intelligence Union (FIU) without delay.
FIs can exercise Simplified Customer Due Diligence (SDD) measures for low-risk customers, involving reduced verification requirements, fewer detailed inquiries, and less frequent supervision. Enhanced Due Diligence (EDD) measures involve more rigorous CDD measures applied towards high-risk customers, including increased scrutiny, higher standards of verification, more detailed inquiry, and increased supervision.
The most important AML/CFT laws in the UAE include Federal Decree-Law No. (20) of 2018, Cabinet Decision No. (10) of 2019, Cabinet Decision No. (58) of 2020, Cabinet Resolution No. (53) of 2021, Cabinet Decision No. (16) of 2021, and Cabinet Resolution No. (74) of 2020. Depending on the circumstances, the statutory retention period for all records is at least five years.
The UAE has a Specialized Money Laundering Court. Non-profit organizations have very limited obligations under legislation compared to FIs and DNFBPs. There is no minimum reporting threshold and no statute of limitations concerning ML/FT crimes or reporting of suspicious transactions.
- In line with the UAE's commitment to aligning with international anti-money laundering (AML) and combating the financing of terrorism (CFT) standards, financial institutions, DNFBPs, and non-profit organizations are required to adhere to the AML-CFT Law in the UAE, following strict Know Your Customer (KYC) requirements and reporting suspicious transactions.
- To ensure systemic coherence, businesses must update their internal risk models, AML/CFT policies, customer due diligence (CDD) and onboarding procedures, and comply with UBO disclosure and transparency obligations, as established by the Central Bank of the UAE's AML/CFT Department, and the UAE Ministry of Economy and Tourism, which oversees AML compliance in DNFBPs.
